A HOLISTIC APPROACH FOR SECURITY REQUIREMENT SPECIFICATION FOR LOW-COST, DISTRIBUTED UBIQUITOUS SYSTEMS

The class of low-cost, distributed ubiquitous systems represents a computing mode where a system has small, inexpensive networked processing devices, distributed at all scales throughout business activities and everyday life. The unique features of such a class of ubiquitous systems make the security analysis different from that for the centralized computing paradigms. This paper presents a holistic approach for security requirement analysis for low cost, distributed ubiquitous systems. Rigorous security analysis needs both quantitative and qualitative approaches to produce the holistic view and the robust data regarding the security features that a system must have in order to meet users’ security expectations. Our framework can assist system administrators to specify key security properties for a low-cost, distributed ubiquitous system and to define the specific security requirements for such a system. We applied Bayesian network and stochastic process algebra to incorporate probabilistic analysis to the framework

DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees

This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to present a complete overview of graphical attack and defense modeling techniques based on DAGs. This consists of summarizing the existing methodologies, comparing their features and proposing a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements

Survivability modeling for cyber-physical systems subject to data corruption

Cyber-physical critical infrastructures are created when traditional physical infrastructure is supplemented with advanced monitoring, control, computing, and communication capability. More intelligent decision support and improved efficacy, dependability, and security are expected. Quantitative models and evaluation methods are required for determining the extent to which a cyber-physical infrastructure improves on its physical predecessors. It is essential that these models reflect both cyber and physical aspects of operation and failure. In this dissertation, we propose quantitative models for dependability attributes, in particular, survivability, of cyber-physical systems. Any malfunction or security breach, whether cyber or physical, that causes the system operation to depart from specifications will affect these dependability attributes. Our focus is on data corruption, which compromises decision support -- the fundamental role played by cyber infrastructure. The first research contribution of this work is a Petri net model for information exchange in cyber-physical systems, which facilitates i) evaluation of the extent of data corruption at a given time, and ii) illuminates the service degradation caused by propagation of corrupt data through the cyber infrastructure. In the second research contribution, we propose metrics and an evaluation method for survivability, which captures the extent of functionality retained by a system after a disruptive event. We illustrate the application of our methods through case studies on smart grids, intelligent water distribution networks, and intelligent transportation systems. Data, cyber infrastructure, and intelligent control are part and parcel of nearly every critical infrastructure that underpins daily life in developed countries. Our work provides means for quantifying and predicting the service degradation caused when cyber infrastructure fails to serve its intended purpose. It can also serve as the foundation for efforts to fortify critical systems and mitigate inevitable failures --Abstract, page iii

A Threat Table Based Approach to Telemedicine Security

Information security within healthcare is paramount and telemedicine applications present unique security challenges. Technology is giving rise to new and advanced telemedicine applications and understanding the security threats to these applications is needed to ensure, among other things, the privacy of patient information. This paper presents a high level analysis of a telemedicine application in order to better understand the security threats to this unique and vulnerable environment. This risk analysis is performed using the concept of threat tables. This case study focuses on the capture and representation of salient security threats in telemedicine. To analyze the security threats to an application, we present a threat modeling framework utilizing a table driven approach. Our analysis reveals that even in a highly controlled environment with static locations, the security risks posed by telemedicine applications are significant, and that using a threat table approach provides an easy-to-use and effective method for managing these threats

Identifying Early-Life Behavior to Predict Mothering Ability in Swine Utilizing NUtrack System

Early recognition of indicator traits for swine reproduction and longevity supports economical selection decision making. Gilt activity is a key variable impacting a sow’s herd life and productivity. The purpose of this study was to examine early- life behaviors contributing to farrowing traits including gestation length (GL), number born alive (NBA), number weaned (NW), and herd life (HL). Herd life was a binary trait representing if a gilt was culled after one parity. Beginning at approximately 20 weeks of age, video recordings were taken on 480 gilts for 7 consecutive days and processed using the NUtrack system. Activity traits include angle rotated (degree), average speed (m/s), distance travelled (m), time spent eating (s), lying lateral (s), lying sternal (s), standing (s), and sitting (s). Final daily activity values were averaged across the period under cameras. Parity one data was collected for all gilts considered. Data were analyzed using linear regression models and odds ratios (R version 4.0.2). GL was significantly impacted by angle rotated (p = 0.03), average speed (p = 0.07), distance travelled (p = 0.05), time spent lying lateral (p = 0.003), and lying sternal (0.02). NBA was significantly impacted by time spent lying lateral (p = 0.01), lying sternal (p = 0.07), and time spent sitting (p = 0.08). NW was significantly impacted by time spent eating (p = 0.09), time spent lying lateral (p = 0.04), and time spent sitting (p = 0.007). Estimated odds ratios showed gilts traveling below average speeds and spending below average time lying sternal were positively associated with below average GL. Gilts spending below average time lying lateral are associated with below average NW. Gilts spending below average time sitting were negatively associated with below average NW. Gilts spending below average time lying sternal were negatively associated with below average HL. This analysis suggests early-life gilt behavior is associated with sow productivity traits of importance. Further examination of the link between behavior and reproductive traits is necessitated. Utilization of the NUtrack video monitoring system to isolate behavioral differences offers potential to aide in selection decisions. Advisor: Benny Mot

Passive low frequency RFID for non-destructive evaluation and monitoring

Ph. D ThesisDespite of immense research over the years, defect monitoring in harsh environmental conditions still presents notable challenges for Non-Destructive Testing and Evaluation (NDT&E) and Structural Health Monitoring (SHM). One of the substantial challenges is the inaccessibility to the metal surface due to the large stand-off distance caused by the insulation layer. The hidden nature of corrosion and defect under thick insulation in harsh environmental conditions may result in it being not noticed and ultimately leading to failures. Generally electromagnetic NDT&E techniques which are used in pipeline industries require the removal of the insulation layer or high powered expensive equipment. Along with these, other limitations in the existing techniques create opportunities for novel systems to solve the challenges caused by Corrosion under Insulation (CUI). Extending from Pulsed Eddy Current (PEC), this research proposes the development and use of passive Low Frequency (LF) RFID hardware system for the detection and monitoring of corrosion and cracks on both ferrous and non-ferrous materials at varying high temperature conditions. The passive, low cost essence of RFID makes it an enchanting technique for long term condition monitoring. The contribution of the research work can be summarised as follows: (1) implementation of novel LF RFID sensor systems and the rig platform, experimental studies validating the detection capabilities of corrosion progression samples using transient feature analysis with respect to permeability and electrical conductivity changes along with enhanced sensitivity demonstration using ferrite sheet attached to the tag; (2) defect detection using swept frequency method to study the multiple frequency behaviour and further temperature suppression using feature fusion technique; (3) inhomogeneity study on ferrous materials at varying temperature and demonstration of the potential of the RFID system; (4) use of RFID tag with ceramic filled Poly-tetra-fluoro-ethyulene (PTFE) substrate for larger applicability of the sensing system in the industry; (5) lift-off independent defect monitoring using passive sweep frequency RFID sensors and feature extraction and fusion for robustness improvement. This research concludes that passive LF RFID system can be used to detect corrosion and crack on both ferrous and non-ferrous materials and then the system can be used to compensate for temperature variation making it useful for a wider range of applications. However, significant challenges such as permanent deployment of the tags for long term monitoring at higher temperatures and much higher standoff distance, still require improvement for real-world applicability.Engineering and Physical Sciences Research Council (EPSRC) CASE, National Nuclear Laboratory (NNL)

Air Force Institute of Technology Research Report 2019

This Research Report presents the FY19 research statistics and contributions of the Graduate School of Engineering and Management (EN) at AFIT. AFIT research interests and faculty expertise cover a broad spectrum of technical areas related to USAF needs, as reflected by the range of topics addressed in the faculty and student publications listed in this report. In most cases, the research work reported herein is directly sponsored by one or more USAF or DOD agencies. AFIT welcomes the opportunity to conduct research on additional topics of interest to the USAF, DOD, and other federal organizations when adequate manpower and financial resources are available and/or provided by a sponsor. In addition, AFIT provides research collaboration and technology transfer benefits to the public through Cooperative Research and Development Agreements (CRADAs). Interested individuals may discuss ideas for new research collaborations, potential CRADAs, or research proposals with individual faculty using the contact information in this document